Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. Reference: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1878
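As an added illustration of the input handling whose absence the description above names (this is not the plugin's code or its fix, and not part of the original report): a Python sketch that validates an image name and tag against conservative patterns modeled on the Docker image reference grammar before building a `docker pull` argument vector. The function names, patterns and sample inputs are assumptions made for this example.

```python
import re

# Conservative patterns modeled on the Docker image reference grammar.
# ASCII classes are spelled out because \w in Python also matches Unicode.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_HOST = rf"{_LABEL}(?:\.{_LABEL})*(?::[0-9]+)?"
_COMPONENT = r"[a-z0-9]+(?:(?:\.|_|__|-+)[a-z0-9]+)*"
NAME_RE = re.compile(rf"(?:{_HOST}/)?{_COMPONENT}(?:/{_COMPONENT})*")
TAG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}")


def valid_name(name: str) -> bool:
    # fullmatch (not match or a trailing "$") also rejects a trailing newline.
    return len(name) <= 255 and NAME_RE.fullmatch(name) is not None


def valid_tag(tag: str) -> bool:
    return TAG_RE.fullmatch(tag) is not None


def pull_argv(name: str, tag: str = "latest") -> list[str]:
    """Return an argument vector for `docker pull`, or raise ValueError.

    The caller passes the list to subprocess.run(argv) without shell=True, so
    the reference stays a single argument even if validation were bypassed.
    """
    if not valid_name(name):
        raise ValueError(f"rejected image name: {name!r}")
    if not valid_tag(tag):
        raise ValueError(f"rejected image tag: {tag!r}")
    return ["docker", "pull", f"{name}:{tag}"]


# Constructed sample inputs: (name, tag) pairs as a job configuration or a
# file in the job's SCM repository might supply them.
SAMPLES = [
    ("registry.example.com:5000/team/app", "1.4.2"),
    ("alpine", "3.15"),
    ("alpine; id", "latest"),        # shell metacharacter in the name
    ("alpine", "latest$(id)"),       # command substitution in the tag
    ("--config=/tmp/x", "latest"),   # leading dash would be read as an option
]

if __name__ == "__main__":
    for name, tag in SAMPLES:
        try:
            print("ok      ", pull_argv(name, tag))
        except ValueError as exc:
            print("rejected", exc)
```

Validation and the shell-free argument vector are independent layers: the first rejects malformed references early with a clear error, the second keeps any value that does get through from being interpreted by a shell.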
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:0339 https://access.redhat.com/errata/RHSA-2022:0339
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2022:0483 https://access.redhat.com/errata/RHSA-2022:0483
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2022:0491 https://access.redhat.com/errata/RHSA-2022:0491
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2022:0555 https://access.redhat.com/errata/RHSA-2022:0555
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2022:0565 https://access.redhat.com/errata/RHSA-2022:0565
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-20617